When news broke recently about the largest data leak in history, the new record was set at over 2 billion pieces of information and that’s no laughing matter. According to CPO Magazine, the data was made up of names, addresses, phone numbers, dates of birth, mortgage information, and estimates of credit scores, along with other information. Passwords were not exposed, but enough personal information was to be frightening.
And by exposed, we mean just that: Someone stumbled upon these records as opposed to someone gaining illegal access by hacking a system with malicious intent.
Bob Diachenko is the cybersecurity professional who discovered—and easily accessed—the four databases that contained the records. He tells the story of that discovery here.
And Verifications.io is the company that accidentally made all of this information easily accessible. They are an email verification service, meaning they verify the validity of email addresses for marketers. At the same time, they collect—and store—other personal information besides email addresses. And all of this information was unsecured and accessed by Diachenko.
Another Wakeup Call
The biggest data leak in history so far based on numbers of records was seemingly minimal in damage. And although people are saying this was a benign data leak as an accidental one, not the result of a cyberattack, this still highlights the lax nature of cybersecurity that does lead to the kind of volatile data breaches and cyberattacks that put personal information at risk—and even for sale on the black market.
Yes, this one was “benign.” But will we be so lucky when this world record is broken? Probably not. Which is a good reminder that you simply can’t rest when it comes to cybersecurity.
Is Your Cybersecurity as Strong as Today’s Threats?
And that means it’s time for a cybersecurity shakeup. Every data breach, every cyberattack, is yet another painful reminder that we have more work to do, and that the criminals aren’t letting up—so neither can we. And chances are good that your cybersecurity team needs a skills review in light of this latest incident.
This isn’t any kind of criticism of your team. With how quickly technology changes, it could very well be that your cybersecurity team is failing to keep up simply because of the rate of change. There are six signs that your team is behind and your organization is vulnerable:
- You’re ignoring your edge devices.
- You’ve yet to master hacker tactics.
- You have more remote workers but your access protocol hasn’t changed.
- You’re not keeping your mobile devices current.
- Someone internally has been hit by ransomware.
- You still don’t have a cybersecurity governance plan.
Your team’s skills also need a review because they’re often fighting the battle from within and might not even realize it. Although there are the bad guys of cybercrime, many cybersecurity threats are internal or even innocuous. According to Identity Management Institute, “over 90 percent of all cyber attacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers.” That’s almost all cyber attacks!
In a summary of opinions by 31 cybersecurity experts on the trends of 2019, notice how many of the threats relate directly to employees, both on the cybersecurity team and outside of it:
- Privileged account misuse
- Insider threats
- Cyber hygiene
- Improperly secured cloud data
- Weak passwords
- Employee use of smartphones, laptops and IoT devices
- Email phishing
- Use of convenience services like Uber and DocuSign
- Cultural inertia and lack of urgency
A lack of cybersecurity talent was also stressed by two of the experts interviewed for that article. Which brings us to our next point…
We have a Cybersecurity Shortage
What should you do if you realize your team is falling behind? Get them certified. Cybersecurity certifications are plentiful because cybersecurity needs are so wide-ranging. At Simplilearn, we offer almost a dozen cybersecurity certifications. These include:
- COBIT 5 Control Objectives for Information and Related Technologies
- CompTIA Security+ 501
- CND - Certified Network Defender course
- CHFI - Computer Hacking Forensic Investigator Certification
- Certified Information Systems Security Professional (CISSP) certification
- Certified Information Systems Auditor (CISA) certification
- CEH (V10) - Certified Ethical Hacker
- CISM - Certified Information Security Manager
- CRISC - Certified in Risk and Information Systems Control
- CCSK - Cloud Computing Security Knowledge Certification
- CCSP - Certified Cloud Security Professional
Here’s another reason to get your team certified in something new: We’re already shorthanded in this industry. We don’t have enough trained and talented people to keep up with the current demand, let alone the future one. It’s predicted we will need 6 million cyber security professionals this year alone, and we will have 3.5 million unfilled cyber security jobs by 2021. Doesn’t it make sense to be proactive and keep your team up-to-speed rather than have to go out and hire from a too-small pool of candidates?
Because we really don’t want to set the world record for the biggest shortage of trained and talented cybersecurity professionals, do we?